Poland authorities arrested Artem Vaulin, 20, on July 20, 2016. Born in Ukraine, Vaulin had established the most successful piracy network in the world under the now famous name Kickass Torrents. Home Land Security Special Agent Jared Der-Yeghiayan had been investigating the website since its inception in 2008, and after eight years of playing mouse and cat, the operation finally caught the boss of internet piracy.
Many governments around the world punish copyright infringement, commonly known as theft, as a felony or a misdemeanor depending on the circumstances. If a person reproduces, distributes, displays or performs content protected by copyright law without any financial gain, the authorities will usually set small fines or reduced jail time. However, when the person is getting monetary benefits directly associated with the infringement, the person would face long prison sentences along with hefty fines. In spite of the consequences, the web is flooded with piracy.
The internet allows users to act with a certain degree of anonymity, in fact, tech-savvy individuals can be complete ghosts on the web. As a result, governments around the world have created special units to deal with cyber criminals, and they have proven time and time again that there’s no real way to be invisible, even on the internet. Special Agent Jared Der-Yeghiayan led an investigation team that took down Kickass Torrents, the biggest piracy site on the web.
Those little ad banners on the websites can give a lot of money
Kickass Torrents, known on the internet as “KAT” started operations in early 2009. The site provides people with a user-friendly platform that allows people to download and upload content for free. The list of things people can find includes, but it’s not limited to movies, music, and games. The problem is the owners of the page don’t have the copyright holders’ authorization to do so which is illegal as mentioned above. Letting the users operate for free had one objective, generate traffic. The page became very popular, and millions of people got into it. A page with high traffic is appealing for companies that want to advertise their services to the masses.
Until the authorities shut it down, the page had been running for eight years, and it had been very successful. According to Alexa.com, a website that tracks other site’s popularity, KAT is the 69th most famous site in the whole internet with incredible 50 million single visits per month. Another website, siteprice.org, estimates KAT generates around $16 million in advertising revenue, and the entire webpage’s net worth would be around $54 million. Moreover, the England and Whales High Court found KAT infringed copyrights in 2013 and naively estimated the advertising revenue income between $12,525,469 and $22,383,918 a year. Special Agent Jared would find out later the sum was much greater.
— Gadgets 360 (@Gadgets360) July 21, 2016
The spy tale behind the operation that took down KAT
The Home Land Security (HLS), the investigation team, discovered KAT ran on seven different websites in addition to one hidden in the deep web only accessible by a Tor browser. The research team used a WHOIS search that allows the user to discover the provider behind an IP. By doing so, they found the websites were registered in different locations around the world including Philippines, Canada, and The United States, among others.
Then they recurred to archive.org to investigate the origins of those websites. The investigators used something called the way back machine and discovered the sites had been backed up several times in the past. Furthermore, HLS agents saw the domains’ names had been changed several times in the past due to court blocking for copyright infringement in countries like, but not limited to Italy, Philippines and Denmark.
Using warrants, the agents got the host providers to give them these domain’s user records including a phone number, email address and more. They showed Artem Vaulin had registered them all using an address from Ukraine.
On November 13, 2015, an IRS undercover agent (UC) contacted KAT’s staff to get information on how to advertise on the web page. There wasn’t a response, so the UC sent a private message to one of the admins, Mr. White, with the same objective. Eleven days later, a person using the email email@example.com got in contact with the agent to attend the request. The investigation team presented the handler with a fake page about a program to study in the US. On December 9, KAT representative agreed to provide the service for 300$ a day. He gave the UC bank information of an account registered in a bank in Latvia to proceed with the payment. He added the name of the website could not be used during the operation. The transaction was finally completed in March 2016, and the site included a redirecting link under the “Deadpool” movie.
The investigation team hired KAT’s services again later on 2016 and received different bank information from an account registered in a bank from Estonia. Using the Mutual Legal Assistance Treaty, the investigators got the account’s bank records. They showed that in around seven months, the subject, GA Star Trading, had received around €28 million in deposits for advertisement services.
This whole process allowed the agents to identify the different bank and email accounts from the organization.
Facebook and Apple provided information that linked Vaulin to the foundation of KAT
During the investigation, Agent Jared discovered a Facebook page called “official.KAT.fanclub.” The page was created in 2010, one year after Kickass Torrents went live. The page was used to give updates on the website’s status. Facebook provided the investigators with the user records, and they realized the account was registered using one of the emails previously associated with KAT’s staff.
As time passed, the pirate king got sloppy and started to leave traces. Agent Jared discovered the Ukrainian also had an Apple store account. In fact, he used it to purchase a couple of things in 2015. The information provided by Apple showed Vaulin had an account registered with the email firstname.lastname@example.org. It was a jackpot. He created it in 2010 with an address in Kharkiv, Ukraine, and also included Vaulin’s phone number and financial information. Moreover, the Ukrainian set email@example.com as the “rescue” email. Cryptoneat is a company founded by Artem Vaulin, and the agent believes he used it to cover the operation partially.
At one point, the investigation stumbled up with a KAT post called “People.” It described the corporate organization of the website labeling “Trim” as the owner. Then, the investigators tracked old posts where Trim answers customer support requests dating way back to 2010 proving the man was involved since the beginning.
With a warrant, the team accessed the email and found several messages including one from late 2008 giving instructions on how the interface of the website would be. Also, the agents tracked down the IP address to access the Apple account, and it matched with the Facebook and a Bitcoin account both registered to Artem Vaulin.
The whole operation is going down, but not really
Agent Jared and his colleagues also found servers associated to KAT in Canada and Chicago. They cracked them and found the last gold mine. In a folder called “Etc,” there was a list of all the people with access to the domains including usernames, nicks, real names, and addresses. Accordingly, the agents checked out Cryptoneat’s staff and found a lot of matches, so they think the company was used as a cover. However, the authorities have not issued capture warrants on any of them yet.
The US government wants to bring the Ukrainian man to North America where he faces a 20-year long sentence. The court charged “Tirm” with four criminal counts including money laundering and conspiring with others to do copyright infringement. The legal Hall also issued a seize order on all of KAT’s domains which means the page is going down.
However, this kind of sites never actually die, and as happened with the Pirate Bay, it will reappear as a zombie page.